Conventionally, an apparatus called a “secure module” verifies whether the state of an application under execution by an information processing apparatus connected to the secure module, is secure. For example, according to a related technique, a program to be written into a main memory whose security is not guaranteed is encrypted by a secure module whose reliability is guaranteed, and is written into the main memory. According to another technique, a secure module recovers an encrypted program in a first storage unit to the executable state thereof, writes the recovered program into a second storage unit, and deletes the recovered program from the second storage unit after execution of the recovered program by a CPU. According to another technique, if no falsification has been made to load destination information that indicates a memory area of an address space in the memory, to be occupied by an execution image of a program, the execution image of the program is generated and is used for the execution; and thereby, the execution image is loaded to the memory area indicated by the load destination information. According to yet another technique, when a processor executes a program in a safety mode, the program accesses safety data that is inaccessible when the processor operates in a non-safety mode, and switching between the safety mode and the non-safety mode is executed through a monitor mode. For examples, refer to Japanese Laid-Open Patent Publication Nos. 2012-234362, 2005-135265, and 2007-133860; and Published Japanese-Translation of PCT Application, Publication No. 2006-506751.
However, according to the conventional techniques, the processing load on the secure module increases when the number of applications under execution by the information processing apparatus in a system that includes a secure module is great, or when the volume of execution code of the applications is great.